【RouterOS】——PPTP Server
[i=s] 本帖最後由 角色 於 2014-9-2 00:58 編輯 [/i]The previous link was no longer valid and replaced by the following link to set up PPTP service on RB.
[url]http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP[/url]
Old link:
[url]http://www.mikrotik.com/testdocs/ros/2.9/interface/pptp.php[/url]
If you want to connect the VPN server permanently, set keepalive-timeout=0. [url]http://blog.cscworm.net/?p=2454[/url] [url]http://ros2008.blog.51cto.com/477924/99042[/url] [i=s] 本帖最後由 角色 於 2014-8-31 18:34 編輯 [/i]
[url]http://wordpress.wlevels.nl/configuring-routeros-as-pptp-server/[/url]
The above link is no longer valid. [i=s] 本帖最後由 角色 於 2013-1-31 17:30 編輯 [/i]
[url]http://wordpress.wlevels.nl/configuring-routeros-as-pptp-server/[/url]
/ppp secret> add name=Laptop service=pptp password=123
local-address=10.1.101.1 remote-address=10.1.101.100
/ppp secret> print detail
Flags: X - disabled
0 name="Laptop" service=pptp caller-id="" password="123" profile=default
local-address=10.1.101.1 remote-address=10.1.101.100 routes==""
/ppp secret>
Notice that pptp local address is the same as routers address on local interface and remote address is form the same range as local network (10.1.101.0/24).
Next step is to enable pptp server and pptp client on the laptop.
/interface pptp-server server> set enabled=yes
/interface pptp-server server> print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: mschap2
keepalive-timeout: 30
default-profile: default
/interface pptp-server server>
/ip firewall filter
add chain=input protocol=tcp dst-port=1723 action=accept
add chain=input protocol=gre action=accept [url]http://wiki.mikrotik.com/wiki/PPTP_Server_With_Profile[/url] [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=30359&ptid=5144]6#[/url] [i]Qnewbie[/i] [/b]
Thanks.
It seems that after VPN, the remoted end machine's operations is not the same as it is connected to the physical port of the local network segment. [i=s] 本帖最後由 Qnewbie 於 2013-1-31 20:46 編輯 [/i]
Yes, you're right.
For example in the wiki:
Local:
192.168.112.1/24
Remote:
172.16.0.1/24
And a NAT rule for 172.16.0.1/24.
[quote]In the NAT tab add a new FIREWALL rule, press the PLUS sign. chain=srcnat , src.address=172.16.0.0/24 , then goto Action's tab in the same window, select action=masquerade. Then press APPLY and OK. [/quote] [i=s] 本帖最後由 角色 於 2014-8-19 02:07 編輯 [/i]
More examples:
[url]http://www.hkepc.com/forum/redirect.php?goto=findpost&ptid=2089157&pid=31912460[/url]
[url]http://blog.cscworm.net/?p=2454[/url] [i=s] 本帖最後由 角色 於 2014-9-1 22:41 編輯 [/i]
RB Gateway IP = 192.168.88.1
Problem found = PPTP connection is still connection but no packet traffic can through the PPTP server.
The following settings were tested and found no error for PPTP server without using IP pool:
/interface pptp-server server set authentication=mschap1,mschap2 \
default-profile=default-encryption enabled=yes keepalive-timeout=30 \
max-mru=1460 max-mtu=1460 mrru=disabled
/ppp profile add name=my-profile local-address=172.20.21.1 \ remote-address=172.20.21.2 \
dns-server=8.8.8.8,8.8.4.4 use-compression=default use-encryption=yes
/ppp secret add profile=my-profile name=myuser password=mypasswd service=pptp disabled=no
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 src-address=172.20.21.0/28 disabled=no
/ip firewall filter
add chain=input comment="PPTP tcp" dst-port=1723 protocol=tcp action=accept
add chain=input comment="PPTP gre" protocol=gre action=accept How about the filter rules?
/ip firewall filter
add chain=input comment="PPTP tcp" dst-port=1723 protocol=tcp [color=Red]action=accept[/color]
add chain=input comment="PPTP gre" protocol=gre [color=Red]action=accept[/color] [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=39239&ptid=5144]11#[/url] [i]Qnewbie[/i] [/b]
Thank you QNewbie. The action=accept has already added to each line. In fact, they "action=accept" were included in the firewall list. 有那个SETUP SCRIPT 能运行成功的?siteto site 的 pptp Site to Site不是非常简单吗?连好了,加static route去对面的network不是可以吗? 第一次用RB。 所以不懂。 有SCRIPT能减少问题。例如。动态IP的处理 我的要求同大部分大陆/香港两地走的人一样。在大陆GOOGLE SEARCH, FACEBOOK,YOUTUBE,GMAIL。在香港能用优酷,电视网站。以前在laptop 安装PPTP CLIENT, 现在用的人多了,所以要在ROUTER SET。 其实不用担心,你也不要那么急,我也不是从Draytek的router走过来,因为要看大陆的电影,而用普通的VPN,根本bandwidth不够,所以参考友网的帖子,还有整理,所以现在才用用LeTV盒子,在香港观看大陆的电影,非常爽!!!
DynDNS是不简单的东西,我也只会一点点,所以我看我学习Scripting。 [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=40000&ptid=5144]16#[/url] [i]yiucsw[/i] [/b]
的確在router set VPN會較為方便. [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=40017&ptid=5144]18#[/url] [i]雯雯[/i] [/b]
你是在RB上initial VPN, 还是vigor 是PPTP client. 还是RB 连 RB [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=40018&ptid=5144]19#[/url] [i]yiucsw[/i] [/b]
我是RB to RB, 因為同廠的set site to site VPN較為方便. 其實你可以在Draytek後面放1部RB, 我宜家香港屋企都係咁做, 放了1部RB在Fortigate後, 雖然該部RB也直連1條和記線, 但是有時和記線不穩定的時候, 我只需要在Fortigate set port forward和RB改一下routing便可. [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=40019&ptid=5144]20#[/url] [i]雯雯[/i] [/b]
你的RB是软路由?VMWARE?是那个型号?
不是SITE TO SITE ROUTER要放在PUBLIC NETWORK? [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=40025&ptid=5144]21#[/url] [i]yiucsw[/i] [/b]
我的RB是hardware. Fortigate的site to site VPN可以做到只需1方放在public network, ROS可以做到雙方都不用在public network. 刚在GrowMore 买多了一个RB2011。 比淘宝买便宜。希望能Setup RB to RB 的翻墙 我都有跟他联系过!他卖的RB是美国插头!你买RB2011多少钱? HK$722.美国头同中国一样! 英国头再香港鸭寮街大概25元一个. [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=40177&ptid=5144]25#[/url] [i]yiucsw[/i] [/b]
这个价格不贵,非常相宜,你是给美元,还是给港币呢?你直接到他公司取货? 港币,到土瓜弯取货。我说网上是US$99
頁:
[1]